DETAILED ACTION
Claim Rejections - 35 USC § 101 
35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of 
matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the 
conditions and requirements of this title. 

Claims 15-16 are rejected under 35 U.S.C. 101 because "recording medium" is
directed to non-statutory subject matter. The recording medium may be signals,
software, and a piece of paper, which are not statutory.

Claim Rejections - 35 USC §102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public
use or on sale in this country, more than one year prior to the date of application for patent in the United
States.

Claims 1-4 are rejected under 35 U.S.C. 102(b) as being anticipated by Antoine,
Vanessa. Router Security Configuration Guide. National Security Agency:
http://www.securityfocus.com/infocus/1728: September 27, 2002.

Claim 1 

Antoine discloses a security engine management apparatus in network nodes 
comprising: a security engine including: a security instruction and library subsystem for 
processing every application program and utility that are allowed to access to a system 
source; a policy decision subsystem for determining a filtering policy, an intrusion 
detection policy and an access control policy that are required for detecting and
blocking an intrusion into a network; an authentication and access control subsystem for
preventing an unauthorized user from using a system and allowing an authorized 
user to access to the system in response to an application of the access control 
policy (Section 3.4.4 and Section 4.3); a policy application subsystem for analyzing 
and applying the policies (section 4.3.1); a packet filtering subsystem for receiving an
allowed packet and denying a disallowed packet in response to the application of the 
filtering policy (Section 3.2.2); and an intrusion analysis and audit trail subsystem for 
analyzing and coping with the intrusion into the network in response to the application 
of the intrusion detection policy (page 229), and a security management subsystem for 
managing the security engine (Section 3.4.2). 
Claim 2 

Antoine discloses the security engine management apparatus in network nodes of claim
1, wherein the policy application subsystem provides intrusion detection and audit
information (page 45 and 126:"audit logs") through a device driver and packet statistical 
information (page 41) through a proc file system to the policy decision system. 
Claim 3 

Antoine discloses the security engine management apparatus in network nodes of claim
1, wherein the filtering policy is used for blocking or passing a packet having a certain
destination address depending on a sender address, a destination address, a sender 
port, a destination port, and a protocol type (Section 4.3.1 and Section 3.2.2, page 36 & 
81). 
Claim 4

Antoine discloses the security engine management apparatus in network nodes of claim 
1, wherein the intrusion detection policy includes rules for detecting a DoS attack and a 
specific virus pattern (Section 5.5). 



Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148
USPQ 459 (1966), that are applied for establishing a background for determining
obviousness under 35 U.S.C. 103(a) are summarized as follows:

1. Determining the scope and contents of the prior art.

2. Ascertaining the differences between the prior art and the claims at issue. 

3. Resolving the level of ordinary skill in the pertinent art. 

4. Considering objective evidence present in the application indicating 
obviousness or nonobviousness. 

Claims 5-16 are rejected under 35 U.S.C. 103(a) as being unpatentable over
Antoine, Vanessa. Router Security Configuration Guide. National Security Agency:
http://www.securityfocus.com/infocus/1728: September 27, 2002, in view of Cuff, Andy.
Intrusion Detection Terminology (Part One), http://www.securityfocus.com/infocus/1728:
September 9, 2003.

Antoine discloses a security engine management apparatus in network nodes
comprising: a security engine including: a security instruction and library subsystem for 
processing every application program and utility that are allowed to access to a system 
source; a policy decision subsystem for determining a filtering policy, an intrusion 
detection policy and an access control policy that are required for detecting and 
blocking an intrusion into a network; an authentication and access control subsystem for 
preventing an unauthorized user from using a system and allowing an authorized 
user to access to the system in response to an application of the access control 
policy (Section 3.4.4 and Section 4.3); a policy application subsystem for analyzing 
and applying the policies (section 4.3.1); a packet filtering subsystem for receiving an 
allowed packet and denying a disallowed packet in response to the application of the 
filtering policy (Section 3.2.2); and an intrusion analysis and audit trail subsystem for 
analyzing and coping with the intrusion into the network in response to the application
of the intrusion detection policy (page 229), and a security management subsystem for 
managing the security engine (Section 3.4.2). 

Antoine discloses the security engine management apparatus in network nodes 
wherein the policy application subsystem provides intrusion detection and audit 
information (page 45 and 126:"audit logs") through a device driver and packet statistical 
information (page 41) through a proc file system to the policy decision system. The
filtering policy is used for blocking or passing a packet having a certain destination 
address depending on a sender address, a destination address, a sender port, a 
destination port, and a protocol type (Section 4.3.1 and Section 3.2.2, page 36 & 81). 
The security engine management apparatus in network nodes wherein the intrusion
detection policy includes rules for detecting a DoS attack and a specific virus pattern
(Section 5.5.1). In case the virus file is downloaded, the intrusion analysis and audit
trail subsystem detects the virus file transfer by examining a file pattern and then 
informs the virus file transfer on a mobile terminal; and in case the DoS attack is 
attempted, the intrusion analysis and audit trail subsystem examines a DoS attack 
pattern to block the DoS attack, thereby storing detection information on the DoS attack 
and the virus attack in an audit recording database (Section 5.5). 

Antoine discloses the security engine management apparatus in network nodes 
wherein the network setting module displays network interface information on an 
interface card type, an IP address, a hardware address, and a size, state and option of 
maximum transmission unit (MTU), and system information on OS information, a 
booting elapsed time, a current time, a system name, and a disc size, and performs an
addition, a deletion, and an edition of a routing table (Section 4.4 and pages 153-157). 

Also Antoine discloses a method for security engine management in network 
nodes, comprising the steps of: (a) receiving a packet from an attack system and
examining the packet according to a filtering policy; (b) checking whether the packet is 
allowed or not, based on the examination result of step (a); (c) passing the packet if the 
packet is allowed in the step (b) and checking whether or not the allowed packet is an 
attack intrusion packet according to an intrusion detection policy; and (Section 3.2.2) 
(d) in case the packet is the attack intrusion packet in the step (c). The security engine 
management method in network nodes wherein if the packet is disallowed in the step 
(b), the disallowed packet is denied (Section 3.2.2). The security engine management
method in network nodes in which if the packet is a general packet in the step (c), the
packet is transferred through a network (section 3.2.2). Includes a recording medium for 
recording therein a program for implementing a method for security engine 
management (page 24 & 66). 

Furthermore Antoine discloses a method for providing an integrative security 
management by using a security policy applied between a router and a security 
management subsystem, the method comprising the steps of: (a) checking whether or 
not a user is authorized through a user registration and authentication process; 
(b) if the user is authorized in step (a), allowing a user to access to the security 
management subsystem, collecting information on a network composition of hosts, 
gateways, and routers and storing the collected information in a network database 
(Section 3.4.3-3.4.4). Wherein if the user is not authorized in the step (a), the user is 
blocked to access to the security management subsystem and system sources of 
network nodes to prevent damage generated by an illegal acquisition of a root authority 
(page 100: "preventing unauthorized access to resources on the network"). And if the 
user is not authorized in the step (a), a security engine is managed based on a security 
policy and the security policy is stored in a policy database (page 164: "Authorization 
works by creating a list of attributes which describe what the user is allowed to do. After 
a user logs in and has been identified by authentication, the security server database 
will be used to control access to various network components and services as defined 
by the stored attributes (if the user is authorized or not)"). Includes a recording medium 
for recording therein a program for implementing a method for providing an integrative
security management (page 43 & 127).

Antoine doesn't specifically state that security engine management apparatus or 
the methods use a security management GUI or a mobile terminal to communicate with 
a system operator when displaying statistical information on packet filtering or 
information on DoS and virus attacks.

Cuff discloses the security engine management apparatus, method for security 
engine management and method for providing an integrative security management in 
network nodes wherein the security management subsystem further includes: a security 
management GUI of a web base, for executing a management instruction; an audit 
management module for processing audit information on an illegal intrusion; a log-in 
processing module for performing a user authentication by using a user ID and a 
password inputted from the mobile terminal; a packet statistical module for showing
packet statistical information on each of protocols and an interface; a network setting 
module for showing a network status for routers and systems through the security 
management GUI; a policy management module for displaying a security policy for 
detecting a network intrusion and performing an addition, a deletion, and an edition 
thereof; an audit management module for displaying information on the DoS attack and 
the virus attack on the mobile terminal by using a short message service (SMS); and a 
network communication module for communicating with the policy decision subsystem 
for a policy management and informing the audit management module of the policies in
real time (page 1: "alerts using GUI or mobile phone (SMS: "text messages") when the
system operator detects suspicious activity").

Application/Control Number: 10/743,460
Art Unit: 2109

It would have been obvious to one of ordinary skill in the art at the time of 
invention to modify the teachings of Antoine by using a GUI to display statistical 
information and also alert DoS attacks and virus attacks through a mobile terminal, 
which is disclosed in Wheeler. Using a GUI makes it easier for humans to read the
activity that is going on with the security engine management apparatus, and when the
network is under attack and the system operator needs to be alerted quickly, using text
messaging of a mobile terminal is beneficial.

Conclusion 

The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. Kaashoek et al. teaches a method of thwarting denial of service 
attacks on a victim data center coupled to a network. 

Any inquiry concerning this communication or earlier communications from the
examiner should be directed to Kari L. Schmidt whose telephone number is
571-270-1385. The examiner can normally be reached on Monday-Friday: 7:30am - 5:00pm
(with alternate Fridays off).

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Walter Griffin can be reached on 571-272-1447. The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 
Information regarding the status of an application may be obtained from the
Patent Application Information Retrieval (PAIR) system. Status information for
published applications may be obtained from either Private PAIR or Public PAIR.
Status information for unpublished applications is available through Private PAIR only.
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 